default._domainkey is for your DKIM record not SPF. To create an SPF record you just want a single TXT record (do NOT use record type SPF - it’s deprecated and I don’t even know why Cloudflare still let us define it):
Your DKIM record (if needed) will be a long string (as it contains a public key which is normaly at least 1028bits and should be 2048bits presently), that’s the one that’ll be called default._domainkey.
Note that your TXT record for SPF will only affect oubound mail, and MX record will only affect inbound. So that’ll tell you where your issue is… if you can’t receive you messed up your MX, if you can’t send (well, sent mail doesn’t get accepted) it’s your SPF.